You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Marko Hrastovec (Jira)" <ji...@apache.org> on 2022/12/21 08:00:00 UTC
[jira] [Created] (PROTON-2663) class ssl_client_options does not have a constructor for a custom client certificate, and default certificate trust database
Marko Hrastovec created PROTON-2663:
---------------------------------------
Summary: class ssl_client_options does not have a constructor for a custom client certificate, and default certificate trust database
Key: PROTON-2663
URL: https://issues.apache.org/jira/browse/PROTON-2663
Project: Qpid Proton
Issue Type: Improvement
Components: cpp-binding
Affects Versions: proton-c-0.37.0
Environment: Linux 64bit
Ubuntu 22.04: libqpid-proton-cpp12 0.22.0-5 (used for testing, not intended for production)
Redhat, Oracle: qpid-proton-cpp-0.37.0-1.el8.x86_64
Reporter: Marko Hrastovec
Fix For: proton-c-0.37.0
Class ssl_client_options does not have a constructor for a custom client certificate, and default certificate trust database.
Out application has to present a custom certificate to the server, but the server uses a certificate signed by a certificate authority (CA) that is present in the systems default certificate trust database.
Curently, our only option to connect is to supply a dummy certificate trust database, and use proton::ssl::ANONYMOUS_PEER which disables server check. In that way, we skip an important check for a secure connection. That is unacceptable for a production version of our application. Until we come to a production version we must resolve that issue. That is why I marked it as a blocker.
I have a patch, but I am not sure how to contribute it. I guess reporting is a first step?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org